From fb55d321a200b015eda5e25eab0f1271036500bd Mon Sep 17 00:00:00 2001
From: Boris Glimcher
Date: Thu, 20 Jun 2024 03:03:36 +0300
Subject: [PATCH] fix: allow to skip dhcp using url option

Fixes #401

Signed-off-by: Boris Glimcher
---
 docker-compose.yml | 12 ++++++++++++
 scripts/run_agent.sh | 7 ++++---
 sztp-agent/cmd/daemon.go | 19 +++++++++++++++++--
 sztp-agent/pkg/secureagent/daemon.go | 9 ++++++---
 4 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 0adf1f1a..3a8099d5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -202,6 +202,7 @@ services:
 networks:
 - opi
 command: ['/opi-sztp-agent', 'daemon',
+ '--dhcp-lease-file', '/var/lib/dhclient/dhclient.leases',
 '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
 '--device-end-entity-cert', '/certs/third_my_cert.pem',
 '--device-private-key', '/certs/third_private_key.pem',
@@ -210,6 +211,7 @@ services:
 agent2:
 <<: *agent
 command: ['/opi-sztp-agent', 'daemon',
+ '--dhcp-lease-file', '/var/lib/dhclient/dhclient.leases',
 '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
 '--device-end-entity-cert', '/certs/second_my_cert.pem',
 '--device-private-key', '/certs/second_private_key.pem',
@@ -218,6 +220,16 @@ services:
 agent1:
 <<: *agent
 command: ['/opi-sztp-agent', 'daemon',
+ '--dhcp-lease-file', '/var/lib/dhclient/dhclient.leases',
+ '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
+ '--device-end-entity-cert', '/certs/first_my_cert.pem',
+ '--device-private-key', '/certs/first_private_key.pem',
+ '--serial-number', 'first-serial-number']
+
+ agent4:
+ <<: *agent
+ command: ['/opi-sztp-agent', 'daemon',
+ '--bootstrap-url', 'https://redirecter:8080/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data',
 '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
 '--device-end-entity-cert', '/certs/first_my_cert.pem',
 '--device-private-key', '/certs/first_private_key.pem',
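Review bot: agent4 is started with the same `/certs/first_my_cert.pem` and `/certs/first_private_key.pem` as agent1 (trailing context of the third docker-compose hunk), and its serial number, which lies outside the hunk, is presumably `first-serial-number` as well. Two containers presenting one device identity make it hard to tell from the bootstrap server's side whether a request came from the DHCP-discovery path or from the `--bootstrap-url` path. If a separate test identity is available, give agent4 its own certificate, key and serial number; otherwise add a comment such as `# agent4: same identity as agent1, exercises --bootstrap-url without a DHCP lease`.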
diff --git a/scripts/run_agent.sh b/scripts/run_agent.sh
index 628b422b..7b31a631 100755
--- a/scripts/run_agent.sh
+++ b/scripts/run_agent.sh
@@ -16,13 +16,14 @@ DOCKER_SZTP_IMAGE=ghcr.io/opiproject/opi-sztp-client:v0.2.0
 ls -l /mnt/
 # run docker (not compose) in host network
-DHCLIENT_LEASE_FILE=/var/lib/NetworkManager/dhclient-eth0.lease
-docker run --rm -it --network=host -v /mnt/:/mnt \
+docker run --rm -it --network=host \
+ --mount type=bind,source=/mnt,target=/mnt,readonly \
 --mount type=bind,source=/etc/ssh,target=/etc/ssh,readonly \
 --mount type=bind,source=/etc/os-release,target=/etc/os-release,readonly \
- --mount type=bind,source=${DHCLIENT_LEASE_FILE},target=/var/lib/dhclient/dhclient.leases,readonly \
+ --mount type=bind,source=/var/lib/NetworkManager,target=/var/lib/NetworkManager,readonly \
 ${DOCKER_SZTP_IMAGE} \
 /opi-sztp-agent daemon \
+ --dhcp-lease-file /var/lib/NetworkManager/dhclient-eth0.lease \
 --bootstrap-trust-anchor-cert /mnt/opi.pem \
 --device-end-entity-cert /mnt/opi_cert.pem \
 --device-private-key /mnt/opi_private_key.pem \
diff --git a/sztp-agent/cmd/daemon.go b/sztp-agent/cmd/daemon.go
index 39c8be09..32250f2e 100644
--- a/sztp-agent/cmd/daemon.go
+++ b/sztp-agent/cmd/daemon.go
@@ -10,6 +10,7 @@ package cmd
 import (
 "fmt"
+ "net/url"
 "os"
 "github.com/opiproject/sztp/sztp-agent/pkg/secureagent"
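Review bot: The lease mount in the run_agent.sh hunk now binds the whole `/var/lib/NetworkManager` directory into a `--network=host` container, where the removed line exposed only `dhclient-eth0.lease`. That directory normally holds other NetworkManager state besides leases, so the agent gets read access to more host data than `--dhcp-lease-file` needs. If the directory bind is there so the agent keeps seeing a lease file that is replaced on renewal (not visible in the hunk), say so in a comment above the `docker run` line, for example `# bind the directory: a single-file bind would keep pointing at the old lease file`; otherwise keep the single-file bind and point `--dhcp-lease-file` at its target. The `docker run` command continues past the end of the hunk.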
@@ -32,7 +33,20 @@ func NewDaemonCommand() *cobra.Command {
 Use: "daemon",
 Short: "Run the daemon command",
 RunE: func(c *cobra.Command, _ []string) error {
- arrayChecker := [4]string{dhcpLeaseFile, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert}
+ arrayChecker := []string{devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert}
+ if bootstrapURL != "" && dhcpLeaseFile != "" {
+ return fmt.Errorf("'--bootstrap-url' and '--dhcp-lease-file' are mutualy exclusive")
+ }
+ if bootstrapURL == "" && dhcpLeaseFile == "" {
+ return fmt.Errorf("'--bootstrap-url' or '--dhcp-lease-file' is required")
+ }
+ if dhcpLeaseFile != "" {
+ arrayChecker = append(arrayChecker, dhcpLeaseFile)
+ }
+ if bootstrapURL != "" {
+ _, err := url.ParseRequestURI(bootstrapURL)
+ cobra.CheckErr(err)
+ }
 for _, filePath := range arrayChecker {
 info, err := os.Stat(filePath)
 cobra.CheckErr(err)
@@ -50,8 +64,9 @@ func NewDaemonCommand() *cobra.Command {
 flags := cmd.Flags()
 // TODO this options should be retrieved automatically instead of requests in the agent
 // Opened discussion to define the procedure: https://github.com/opiproject/sztp/issues/2
+ flags.StringVar(&bootstrapURL, "bootstrap-url", "", "Bootstrap server URL. Mutually exclusive with '--dhcp-lease-file'")
 flags.StringVar(&serialNumber, "serial-number", "", "Device's serial number. If empty, discover via SMBIOS")
- flags.StringVar(&dhcpLeaseFile, "dhcp-lease-file", "/var/lib/dhclient/dhclient.leases", "Device's dhclient leases file")
+ flags.StringVar(&dhcpLeaseFile, "dhcp-lease-file", "", "Device's dhclient leases file. Mutually exclusive with '--bootstrap-url'")
 flags.StringVar(&devicePassword, "device-password", "my-secret", "Device's password")
 flags.StringVar(&devicePrivateKey, "device-private-key", "/certs/private_key.pem", "Device's private key")
 flags.StringVar(&deviceEndEntityCert, "device-end-entity-cert", "/certs/my_cert.pem", "Device's End Entity cert")
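Review bot: `url.ParseRequestURI` in the `bootstrapURL != ""` branch accepts any scheme and also a bare absolute path such as `/x`, so `--bootstrap-url` is never checked for being an https URL with a host. The same command takes `--device-password` and `--bootstrap-trust-anchor-cert`, so a plain-http or host-less value would presumably either fail later with a less clear error or reach the server without TLS. Keep the parsed value and reject it early: `u, err := url.ParseRequestURI(bootstrapURL)` followed by `if err != nil || u.Scheme != "https" || u.Host == "" { return fmt.Errorf("'--bootstrap-url' must be an absolute https URL") }`. Returning the error also matches the two new `return fmt.Errorf(...)` checks, whereas `cobra.CheckErr` exits the process from inside `RunE`; the first of those messages misspells "mutually" as "mutualy". The `RunE` closure continues past the end of the hunk.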
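Review bot: The new empty default for `--dhcp-lease-file` means an invocation that relied on `/var/lib/dhclient/dhclient.leases` being implied now stops with "'--bootstrap-url' or '--dhcp-lease-file' is required", and the help text does not say that one of the two must be given. Mention it in the description, e.g. `"Device's dhclient leases file, e.g. /var/lib/dhclient/dhclient.leases. Mutually exclusive with '--bootstrap-url'"`. If the cobra version in use provides them, `cmd.MarkFlagsMutuallyExclusive("bootstrap-url", "dhcp-lease-file")` and `cmd.MarkFlagsOneRequired("bootstrap-url", "dhcp-lease-file")` after these `StringVar` calls would replace the two hand-written checks in `RunE` and show the relation in the usage output. The flag block continues past the end of the hunk.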
diff --git a/sztp-agent/pkg/secureagent/daemon.go b/sztp-agent/pkg/secureagent/daemon.go
index 4c920c67..57935eaa 100644
--- a/sztp-agent/pkg/secureagent/daemon.go
+++ b/sztp-agent/pkg/secureagent/daemon.go
@@ -42,9 +42,12 @@ const (
 // RunCommandDaemon runs the command in the background
 func (a *Agent) RunCommandDaemon() error {
- err := a.getBootstrapURL()
- if err != nil {
- return err
+ var err error
+ if a.GetBootstrapURL() == "" {
+ err = a.getBootstrapURL()
+ if err != nil {
+ return err
+ }
 }
 err = a.doRequestBootstrapServerOnboardingInfo()
 if err != nil {
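Review bot: `a.GetBootstrapURL()` and `a.getBootstrapURL()` now sit on adjacent lines and differ only in the case of the first letter, although the first reads the configured URL and the second, judging by the removed code, discovers it and can fail. Renaming the unexported one, e.g. to `discoverBootstrapURL`, would make the new condition readable at a glance. The doc comment no longer covers the new branch either; something like `// RunCommandDaemon runs the bootstrap sequence; DHCP lease discovery is skipped when a bootstrap URL is already set.` would. The function body continues past the end of the hunk.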